• Shopping Cart
    There are no items in your cart

ISO 22307:2008

Current

Current

The latest, up-to-date edition.

Financial services — Privacy impact assessment

Available format(s)

Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users

Language(s)

English

Published date

16-04-2008

€144.00
Excluding VAT

ISO 22307:2008 recognizes that a privacy impact assessment (PIA) is an important financial services and banking management tool to be used within an organization, or by “contracted” third parties, to identify and mitigate privacy issues and risks associated with processing consumer data using automated, networked information systems.

ISO 22307:2008

  • describes the privacy impact assessment activity in general,
  • defines the common and required components of a privacy impact assessment, regardless of business systems affecting financial institutions, and
  • provides informative guidance to educate the reader on privacy impact assessments.

A privacy compliance audit differs from a privacy impact assessment in that the compliance audit determines an institution's current level of compliance with the law and identifies steps to avoid future non-compliance with the law. While there are similarities between privacy impact assessments and privacy compliance audits in that they use some of the same skills and that they are tools used to avoid breaches of privacy, the primary concern of a compliance audit is simply to meet the requirements of the law, whereas a privacy impact assessment is intended to investigate further in order to identify ways to safeguard privacy optimally.

ISO 22307:2008 recognizes that the choices of financial and banking system development and risk management procedures are business decisions and, as such, the business decision makers need to be informed in order to be able to make informed decisions for their financial institutions. ISO 22307:2008 provides a privacy impact assessment structure (common PIA components, definitions and informative annexes) for institutions handling financial information that wish to use a privacy impact assessment as a tool to plan for, and manage, privacy issues within business systems that they consider to be vulnerable.

Committee
ISO/TC 68/SC 9
DevelopmentNote
Supersedes ISO/DIS 22307. (04/2008)
DocumentType
Standard
Pages
28
PublisherName
International Organization for Standardization
Status
Current

Standards Relationship
NEN ISO 22307 : 2008 Identical
ANSI X9.99:2009(R2020) Identical

BS ISO/IEC 29134:2017 Information technology. Security techniques. Guidelines for privacy impact assessment
PD ISO/TS 12812-2:2017 Core banking. Mobile financial services Security and data protection for mobile financial services
16/30278511 DC : 0 BS ISO/IEC 29134 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - PRIVACY IMPACT ASSESSMENT - GUIDELINES
15/30281583 DC : 0 BS ISO 12812-2 - CORE BANKING - MOBILE FINANCIAL SERVICES - PART 2: SECURITY AND DATA PROTECTION FOR MOBILE FINANCIAL SERVICES
ISO/IEC 29134:2017 Information technology — Security techniques — Guidelines for privacy impact assessment
ISO/TS 12812-2:2017 Core banking — Mobile financial services — Part 2: Security and data protection for mobile financial services

IEEE 1471-2000 IEEE Recommended Practice for Architectural Description for Software-Intensive Systems
ISO/IEC 17799:2005 Information technology Security techniques Code of practice for information security management

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.